EP2047412B1 - Information storage medium and information storage medium processing apparatus - Google Patents

Information storage medium and information storage medium processing apparatus Download PDF

Info

Publication number
EP2047412B1
EP2047412B1 EP07768408.2A EP07768408A EP2047412B1 EP 2047412 B1 EP2047412 B1 EP 2047412B1 EP 07768408 A EP07768408 A EP 07768408A EP 2047412 B1 EP2047412 B1 EP 2047412B1
Authority
EP
European Patent Office
Prior art keywords
communication unit
communication
card
unit
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP07768408.2A
Other languages
German (de)
French (fr)
Other versions
EP2047412A4 (en
EP2047412A1 (en
Inventor
Norio Ishibashi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Toshiba Corp
Original Assignee
Toshiba Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Toshiba Corp filed Critical Toshiba Corp
Publication of EP2047412A1 publication Critical patent/EP2047412A1/en
Publication of EP2047412A4 publication Critical patent/EP2047412A4/en
Application granted granted Critical
Publication of EP2047412B1 publication Critical patent/EP2047412B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards

Definitions

  • One embodiment of the invention relates to an information storage medium which incorporates a nonvolatile data memory, and an IC (integrated circuit) chip having control elements such as a CPU and the like, and is so-called an IC card. Also, another embodiment of the invention relates to an information storage medium processing apparatus which writes and reads out data to and from such information storage medium, and is so-called an IC card reader/writer.
  • JP-A 2003-168092 proposes an IC card compatible to transmission protocols of contact and non-contact communications.
  • This IC card can be used in both contact and non-contact modes. That is, the IC card receives commands from an external device in both the contact and non-contact modes, and checks if the commands are received in the contact or non-contact mode. Then, the IC card executes an application program corresponding to the commands, and outputs the execution result to the external device. This IC card extracts command information included in fields of commands received from the external device, so that the application program is accessible to the extracted command information.
  • the commands can be reliably transferred to the application program while absorbing the difference between the transmission protocols of the contact and non-contact modes, and the command execution results can be reliably transmitted (output) to the external device.
  • JP-A 2004-78444 proposes an IC card that allows, via one of contact and non-contact access control means, access to a data storage area corresponding to the other access control means.
  • a non-contact data file link file required to access a non-contact data file, and a non-contact authentication link file used to acquire an authentication key required to access a contact data file are prepared in a contact data storage area.
  • authentication for the non-contact mode is done based on the non-contact authentication link file. If the authentication is OK, the data file in the non-contact data storage area is accessed based on the non-contact file link file.
  • the specific secret data in the card is protected by a method of "encrypting commands/responses as data in communications and further appending a signature", or a method of "complicating conditions required to access secret information".
  • JP-A 2003-132313 discloses a technique for selectively using the communication schemes of a combined card in accordance with security levels. That is, the communication schemes of the combined card are selectively used in accordance with the importance of security, that of shortening of a communication processing time, that of an easy communication action, the frequency of the communication action, and the like.
  • the security of the IC card is not high enough by only the aforementioned measures, and further security measures are demanded.
  • An IC card comprises a first communication unit configured to communicate with an IC card processing apparatus in a contact state, a second communication unit configured to communicate with the IC card processing apparatus in a non-contact state, a storage unit configured to store information, and an execution unit configured to execute predetermined processing based on the information stored in the storage unit using information processing results of both the first communication unit and the second communication unit, wherein the execution unit executes authentication processing for the predetermined processing by a communication with one of the first communication unit and the second communication unit, and executes authentication processing for the predetermined processing by a communication with the other of the first communication unit and the second communication unit, the execution unit executes the predetermined processing under a condition that both the first communication unit and the second communication unit have succeeded in authentication processing for the predetermined processing, and wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card before said both authentication processings.
  • An IC card processing apparatus comprises a first communication unit configured to communicate with an IC card in a contact state, a second communication unit configured to communicate with the IC card in a non-contact state, and a request unit configured to request the IC card to execute predetermined processing via information processing by both the first communication unit and the second communication unit, wherein the request unit executes authentication processing for the predetermined processing by both the first communication unit and the second communication unit and requests the predetermined processing, and wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card before said both authentication processings.
  • FIG. 1 is a schematic block diagram showing the arrangement of an IC card according to an embodiment of the present invention.
  • an IC card 1 comprises a CPU 11, ROM 12, RAM 13, nonvolatile memory (EEPROM) 14, co-processor 15, UART (Universal Asynchronous Receiver/Transmitter) 16, and antenna 17.
  • EEPROM nonvolatile memory
  • UART Universal Asynchronous Receiver/Transmitter
  • the CPU 11 executes a specific command.
  • the UART 16 serves as a contact communication I/F.
  • the antenna 17 serves as a non-contact communication I/F.
  • the IC card 1 permits access to a specific storage area (ROM 12 or nonvolatile memory 14) under the condition that the access is authenticated in both a first communication protocol using the contact communication I/F (contact protocol) and a second communication protocol using the non-contact communication I/F (non-contact protocol), and executes specific command processing.
  • FIG. 3 is a schematic block diagram showing the arrangement of an IC card reader/writer according to the embodiment of the invention.
  • an IC card reader/writer 2 comprises a CPU 21, ROM 22, RAM 23, nonvolatile memory 24, co-processor 25, UART 26, and antenna 27.
  • the CPU 21 executes a specific command.
  • the UART 26 serves as a contact communication I/F.
  • the antenna 27 serves as a non-contact communication I/F. With these I/Fs, the IC card reader/writer 2 requires authentication processing in the contact protocol using the contact communication I/F and the non-contact protocol using the non-contact communication I/F, and further requests specific command processing.
  • a plurality of routes of the communication data are prepared to make exploration of the communication data by an ill-disposed person difficult.
  • the security of the IC card is enhanced by a plurality of communication means in addition to the methods of encrypting communication data, appending a signature, and complicating access to secret information.
  • the IC card 1 stores applications A and B.
  • secret key A, verification key a , verification key b , application data, and the like are present in application A.
  • the IC card 1 stores secret key A, verification key a , verification key b , application data, and the like.
  • This secret key A is an important secret key which is used to generate a signature in the application, and is inhibited from being read out externally, and only a card issuer can update (rewrite) the secret key.
  • the card issuer can update secret key A only when he or she verifies verification key a . by the contact protocol and verification key b by the non-contact protocol.
  • FIG. 4 is a flowchart showing a first example of communication processing by a plurality of communication means.
  • the secret key is updated to A' and can be used.
  • the first example of the aforementioned communication processing can be practiced by, e.g., modifying it as follows.
  • FIG. 5 is a flowchart for explaining the second example of the communication processing using the plurality of communication means.
  • the secret key is updated to A' and can be used.
  • FIG. 6 is a flowchart showing the first example of a communication error.
  • FIG. 7 is a flowchart showing the second example of a communication error.
  • the CPU 11 of the IC card 1 checks if the processes are executed based on the prescribed processing order stored in the ROM 12 or the like, and determines an error if the processes are not executed based on the prescribed processing order. For example, assume that verification of verification key b using the non-contact protocol after that of verification key a using the contact protocol is determined as the prescribed processing order. Under this prescription, a communication error will be explained.
  • the aforementioned second example of a communication error may erase establishment of the condition "contact & verification key a " stored in ST43 based on the determination result in ST44 indicating that the condition is not established.
  • this embodiment is as follows.
  • the IC card determines the authenticity of processing based on both the result of authentication (verification) itself and the type of protocol of a command that prompts execution. That is, the IC card determines, as independent authentication (verification) results, the result authenticated (verified) by a specific command of the non-contact protocol via the non-contact communication I/F and the result authenticated (verified) by a specific command of the contact protocol via the contact communication I/F, and then permits the following operations when both the commands normally terminate:

Description

    Technical Field
  • One embodiment of the invention relates to an information storage medium which incorporates a nonvolatile data memory, and an IC (integrated circuit) chip having control elements such as a CPU and the like, and is so-called an IC card. Also, another embodiment of the invention relates to an information storage medium processing apparatus which writes and reads out data to and from such information storage medium, and is so-called an IC card reader/writer.
    • Background Art
  • In recent years, non-contact IC cards have been improved, and can be used more conveniently. At the same time, since information is wirelessly transmitted from non-contact IC cards, leakage of information during communications is an issue. For this reason, IC cards (combined cards) which are compatible to both contact and non-contact communications have gotten a lot of attention.
  • JP-A 2003-168092 (KOKAI) proposes an IC card compatible to transmission protocols of contact and non-contact communications. This IC card can be used in both contact and non-contact modes. That is, the IC card receives commands from an external device in both the contact and non-contact modes, and checks if the commands are received in the contact or non-contact mode. Then, the IC card executes an application program corresponding to the commands, and outputs the execution result to the external device. This IC card extracts command information included in fields of commands received from the external device, so that the application program is accessible to the extracted command information. Since the application program is accessible to the command information included in respective fields of the commands received from the external device, the commands can be reliably transferred to the application program while absorbing the difference between the transmission protocols of the contact and non-contact modes, and the command execution results can be reliably transmitted (output) to the external device.
  • JP-A 2004-78444 (KOKAI) proposes an IC card that allows, via one of contact and non-contact access control means, access to a data storage area corresponding to the other access control means. In this IC card, a non-contact data file link file required to access a non-contact data file, and a non-contact authentication link file used to acquire an authentication key required to access a contact data file are prepared in a contact data storage area. Upon accessing a data file in a non-contact data storage area from a contact type host device via a contact IF, authentication for the non-contact mode is done based on the non-contact authentication link file. If the authentication is OK, the data file in the non-contact data storage area is accessed based on the non-contact file link file.
  • Nowadays, since various non-contact IC cards and contact IC cards such as ETC cards and the like have prevailed, readers/writers for these non-contact and contact IC cards have also prevailed, and the general user can check communication data between an IC card and reader/writer.
  • Of course, it is not easy for the user to directly access specific secret data in the card if he or she can check the communication data. The specific secret data in the card is protected by a method of "encrypting commands/responses as data in communications and further appending a signature", or a method of "complicating conditions required to access secret information".
  • JP-A 2003-132313 (KOKAI) discloses a technique for selectively using the communication schemes of a combined card in accordance with security levels. That is, the communication schemes of the combined card are selectively used in accordance with the importance of security, that of shortening of a communication processing time, that of an easy communication action, the frequency of the communication action, and the like.
  • However, the security of the IC card is not high enough by only the aforementioned measures, and further security measures are demanded.
    • Disclosure of Invention
  • It is an object of the invention to provide an information storage medium and an information storage medium processing apparatus which are excellent in security.
  • An IC card according to one embodiment of the invention comprises a first communication unit configured to communicate with an IC card processing apparatus in a contact state, a second communication unit configured to communicate with the IC card processing apparatus in a non-contact state, a storage unit configured to store information, and an execution unit configured to execute predetermined processing based on the information stored in the storage unit using information processing results of both the first communication unit and the second communication unit, wherein the execution unit executes authentication processing for the predetermined processing by a communication with one of the first communication unit and the second communication unit, and executes authentication processing for the predetermined processing by a communication with the other of the first communication unit and the second communication unit, the execution unit executes the predetermined processing under a condition that both the first communication unit and the second communication unit have succeeded in authentication processing for the predetermined processing, and wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card before said both authentication processings.
  • An IC card processing apparatus according to one embodiment of the invention comprises a first communication unit configured to communicate with an IC card in a contact state, a second communication unit configured to communicate with the IC card in a non-contact state, and a request unit configured to request the IC card to execute predetermined processing via information processing by both the first communication unit and the second communication unit, wherein the request unit executes authentication processing for the predetermined processing by both the first communication unit and the second communication unit and requests the predetermined processing, and wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card before said both authentication processings.
  • Additional advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out hereinafter.
    • Brief description of drawings
    • FIG. 1 is a schematic block diagram showing the arrangement of an IC card according to an embodiment of the invention;
    • FIG. 2 is a view showing the presence of applications A and B in the IC card according to the embodiment;
    • FIG. 3 is a schematic block diagram showing the arrangement of an IC card reader/writer according to the embodiment;
    • FIG. 4 is a flowchart showing a first example of communication processing by a plurality of communication means;
    • FIG. 5 is a flowchart showing a second example of communication processing by a plurality of communication means;
    • FIG. 6 is a flowchart showing a first example of a communication error; and
    • FIG. 7 is a flowchart showing a second example of a communication error.
    Best Mode for Carrying Out the Invention
  • One embodiment of the invention will described hereinafter with reference to the accompanying drawings.
  • FIG. 1 is a schematic block diagram showing the arrangement of an IC card according to an embodiment of the present invention. As shown in FIG. 1, an IC card 1 comprises a CPU 11, ROM 12, RAM 13, nonvolatile memory (EEPROM) 14, co-processor 15, UART (Universal Asynchronous Receiver/Transmitter) 16, and antenna 17.
  • The CPU 11 executes a specific command. The UART 16 serves as a contact communication I/F. The antenna 17 serves as a non-contact communication I/F. With these I/Fs, the IC card 1 permits access to a specific storage area (ROM 12 or nonvolatile memory 14) under the condition that the access is authenticated in both a first communication protocol using the contact communication I/F (contact protocol) and a second communication protocol using the non-contact communication I/F (non-contact protocol), and executes specific command processing.
  • FIG. 3 is a schematic block diagram showing the arrangement of an IC card reader/writer according to the embodiment of the invention. As shown in FIG. 3, an IC card reader/writer 2 comprises a CPU 21, ROM 22, RAM 23, nonvolatile memory 24, co-processor 25, UART 26, and antenna 27.
  • The CPU 21 executes a specific command. The UART 26 serves as a contact communication I/F. The antenna 27 serves as a non-contact communication I/F. With these I/Fs, the IC card reader/writer 2 requires authentication processing in the contact protocol using the contact communication I/F and the non-contact protocol using the non-contact communication I/F, and further requests specific command processing.
  • In this embodiment, in order to prevent leakage of communication data, a plurality of routes of the communication data are prepared to make exploration of the communication data by an ill-disposed person difficult. For example, the security of the IC card is enhanced by a plurality of communication means in addition to the methods of encrypting communication data, appending a signature, and complicating access to secret information.
  • Details of communications using a plurality of communication means will be described below. In the IC card 1, applications A and B are present, as shown in FIG. 2. That is, the IC card 1 stores applications A and B. For example, secret key A, verification key a, verification key b, application data, and the like are present in application A. That is, the IC card 1 stores secret key A, verification key a, verification key b, application data, and the like. This secret key A is an important secret key which is used to generate a signature in the application, and is inhibited from being read out externally, and only a card issuer can update (rewrite) the secret key. The card issuer can update secret key A only when he or she verifies verification key a. by the contact protocol and verification key b by the non-contact protocol.
  • FIG. 4 is a flowchart showing a first example of communication processing by a plurality of communication means.
    • ST11: The contact communication I/F (UART 26) of the reader/writer 2 activates the IC card 1 via the contact I/F (UART 16) of the IC card 1, thus setting the IC card 1 in a communicable state using the contact protocol (e.g., T = 1 protocol).
    • ST12: The contact communication I/F of the reader/writer 2 executes a SELECT FILE command so as to select application A in the IC card 1 using the contact protocol. In the IC card 1, application A is assigned to a current application in the contact protocol.
    • ST13: The non-contact communication I/F (antenna 27) of the reader/writer 2 sets a communicable state using the non-contact protocol (e.g., T = CL protocol) of the IC card 1 via the non-contact I/F (antenna 17) of the IC card 1.
    • ST14: The non-contact communication I/F of the reader/writer 2 executes a SELECT FILE command so as to select application A in the IC card 1 using the non-contact protocol. In the IC card 1, application A is assigned to a current application in the non-contact protocol.
    • ST15: The contact communication I/F of the reader/writer 2 verifies verification key a by a Verify command using the contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the contact protocol" are met, the IC card 1 stores establishment of the condition "contact & verification key a", and the contact communication I/F of the IC card 1 returns a normal termination response to that of the reader/writer 2.
    • ST16: The non-contact communication I/F of the reader/writer 2 verifies verification key b by a Verify command using the non-contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the non-contact protocol" are met, the IC card 1 stores establishment of the condition "non-contact & verification key b", and the non-contact communication I/F of the IC card 1 returns a normal termination response to that of the reader/writer 2.
    • ST17: The contact communication I/F of the reader/writer 2 executes an Update Key command using the contact protocol so as to update secret key A.
    • ST18: Application A confirms whether or not both the conditions "contact & verification key a" and "non-contact & verification key b" are established after confirmation of the authenticity of the command. If both the conditions are established, secret key A is updated to new secret key A' derived from data included in the received command, and the contact communication I/F of the IC card 1 returns a normal termination response to that of the reader/writer 2.
  • After that, the secret key is updated to A' and can be used.
  • Note that the first example of the aforementioned communication processing can be practiced by, e.g., modifying it as follows.
    1. (1) The order of the contact communications in STI1 and ST12 and the non-contact communications in ST13 and ST14 may be replaced. That is, after execution of the non-contact communications in ST13 and ST14, the contact communications in ST11 and ST12 may be executed.
    2. (2) The order of the contact communication in ST15 and the non-contact communication in ST16 may be replaced. That is, after execution of the non-contact communication in ST16, the contact communication in ST15 may be executed.
    3. (3) The contact communication in ST17 may be implemented by a non-contact communication.
  • The second example of the communication processing using the plurality of communication means will be described below. FIG. 5 is a flowchart for explaining the second example of the communication processing using the plurality of communication means.
    • ST21: The contact communication I/F (UART 26) of the reader/writer 2 activates the IC card 1 via the contact I/F (UART 16) of the IC card 1, thus setting the IC card 1 in a communicable state using the contact protocol (e.g., T = 1 protocol).
    • ST22: The contact communication I/F of the reader/writer 2 executes a SELECT FILE command so as to select application A in the IC card 1 using the contact protocol. In the IC card 1, application A is assigned to a current application in the contact protocol.
    • ST23: The contact communication I/F of the reader/writer 2 verifies verification key a by a Verify command using the contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the contact protocol" are met, the IC card 1 stores establishment of the condition "contact & verification key a", and the contact communication I/F of the IC card 1 returns a normal termination response to that of the reader/writer 2. Then, the IC card 1 is deactivated.
    • ST24: The non-contact communication I/F (antenna 27) of the reader/writer 2 activates the IC card 1 via the non-contact I/F (antenna 17) of the IC card 1, and sets it in a communicable state using the non-contact protocol (e.g., T = CL protocol) of the IC card 1.
    • ST25: The non-contact communication I/F of the reader/writer 2 executes a SELECT FILE command so as to select application A in the IC card 1 using the contact protocol. In the IC card 1, application A is assigned to a current application in the non-contact protocol.
    • ST26: The non-contact communication I/F of the reader/writer 2 verifies verification key b by a Verify command using the non-contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the non-contact protocol" are met, the IC card 1 stores establishment of the condition "non-contact & verification key b", and the non-contact communication I/F of the IC card 1 returns a normal termination response to that of the reader/writer 2. Then, the IC card 1 is deactivated.
    • ST27: The contact communication I/F of the reader/writer 2 activates the IC card 1 via the contact I/F of the IC card 1, and executes an Update Key command using the contact protocol so as to update secret key A.
    • ST28: Application A confirms whether or not both the conditions "contact & verification key a" and "non-contact & verification key b" are established after confirmation of the authenticity of the command. If both the conditions are established, secret key A is updated to new secret key A' derived from data included in the received command, and the contact communication I/F of the IC card 1 returns a normal termination response to that of the reader/writer 2.
  • After that, the secret key is updated to A' and can be used.
  • Note that the second example of the aforementioned communication processing can be practiced by, e.g., modifying it as follows.
    1. (1) The order of the contact communications in ST21, ST22, and ST23 and the non-contact communications in ST24, ST25, and ST26 may be replaced. That is, after execution of the non-contact communications in ST24, ST25, and ST26, the contact communications in ST21, ST22, and ST23 may be executed.
    2. (2) The contact communication in ST27 may be implemented by a non-contact communication.
    3. (3) After the normal termination response is returned in ST26, the process may advance to the update processing in ST27 without deactivating the IC card 1.
  • A case corresponding to a communication error will be described below with reference to FIG. 6. FIG. 6 is a flowchart showing the first example of a communication error.
    • ST31: The contact communication I/F (UART 26) of the reader/writer 2 activates the IC card 1 via the contact I/F (UART 16) of the IC card 1, thus setting a communicable state using the contact protocol (e.g., T = 1 protocol).
    • ST32: The contact communication I/F of the reader/writer 2 executes a SELECT FILE command so as to select application A in the IC card 1 using the contact protocol. In the IC card 1, application A is assigned to a current application in the contact protocol.
    • ST33: The contact communication I/F of the reader/writer 2 verifies verification key a by a Verify command using the contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the contact protocol" are met, the IC card 1 stores establishment of the condition "contact & verification key a", and the contact communication I/F of the IC card 1 returns a normal termination response to that of the reader/writer 2.
    • ST34: The contact communication I/F of the reader/writer 2 executes an Update Key command using the contact protocol so as to update secret key A. Application A confirms whether or not both the conditions "contact & verification key a" and "non-contact & verification key b" are established after confirmation of the authenticity of the command. In this case, however, application A cannot confirm establishment of both the conditions. That is, since verification of verification key b by the non-contact protocol does not terminate normally, application A determines that the conditions required to update secret key A are not established, and the contact communication I/F of the IC card 1 returns an abnormal termination response to that of the reader/writer 2 without updating secret key A.
  • Furthermore, another case corresponding to a communication error will be described below with reference to FIG. 7. FIG. 7 is a flowchart showing the second example of a communication error.
  • The CPU 11 of the IC card 1 checks if the processes are executed based on the prescribed processing order stored in the ROM 12 or the like, and determines an error if the processes are not executed based on the prescribed processing order. For example, assume that verification of verification key b using the non-contact protocol after that of verification key a using the contact protocol is determined as the prescribed processing order. Under this prescription, a communication error will be explained.
    • ST41: The contact communication I/F (UART 26) of the reader/writer 2 activates the IC card 1 via the contact I/F (UART 16) of the IC card 1, thus setting a communicable state using the contact protocol (e.g., T = 1 protocol).
    • ST42: The contact communication I/F of the reader/writer 2 executes a SELECT FILE command so as to select application A in the IC card 1 using the contact protocol. In the IC card 1, application A is assigned to a current application in the contact protocol.
    • ST43: The contact communication I/F of the reader/writer 2 verifies verification key a by a Verify command using the contact protocol. In application A, verification is started after the authenticity of the command is confirmed. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the contact protocol" are met, the IC card 1 stores establishment of the condition "contact & verification key a", and the contact communication I/F of the IC card 1 returns a normal termination response to that of the reader/writer 2.
    • ST44: The contact communication I/F of the reader/writer 2 verifies verification key b by a Verify command using the contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the non-contact protocol" are met, the IC card 1 stores establishment of the condition "non-contact & verification key b". In this case, however, since these two requirements are not met, application A determines that the condition is not established. Based on the determination result of application A, the contact communication I/F of the IC card 1 returns an abnormal termination response to that of the reader/writer 2.
    • ST45: The contact communication I/F of the reader/writer 2 executes an Update Key command using the contact protocol so as to update secret key A. Application A confirms whether or not both the conditions "contact & verification key a" and "non-contact & verification key b" are established after confirmation of the authenticity of the command. In this case, however, application A cannot confirm establishment of both the conditions. That is, since verification of verification key b by the non-contact protocol does not terminate normally, application A determines that the conditions required to update secret key A are not established, and the contact communication I/F of the IC card 1 returns an abnormal termination response to that of the reader/writer 2 without updating secret key A.
  • Note that the aforementioned second example of a communication error may erase establishment of the condition "contact & verification key a" stored in ST43 based on the determination result in ST44 indicating that the condition is not established.
  • This embodiment will be summarized below.
    1. (1) When the IC card is activated by one of the contact and non-contact I/Fs and authentication is executed, the IC card holds the contents of the authentication in the nonvolatile memory. After the IC card is temporarily deactivated, when it is activated by the other I/F and authentication is executed, the IC card determines that the security conditions are established when the authentication processes by the two I/Fs have succeeded, and permits access from the I/F in connection.
    2. (2) The IC card makes communications while switching the contact and non-contact I/Fs. The IC card determines that the security conditions are established when the authentication processes by the two I/Fs have successively succeeded, and permits accesses from the two I/Fs.
    3. (3) When a procedure other than the prescribed authentication procedure ((1) or (2) above) is executed, the IC card immediately determines that the security conditions are not established as well as the intermediate authentication result, and denies access.
  • More specifically, this embodiment is as follows.
  • The IC card determines the authenticity of processing based on both the result of authentication (verification) itself and the type of protocol of a command that prompts execution. That is, the IC card determines, as independent authentication (verification) results, the result authenticated (verified) by a specific command of the non-contact protocol via the non-contact communication I/F and the result authenticated (verified) by a specific command of the contact protocol via the contact communication I/F, and then permits the following operations when both the commands normally terminate:
    1. 1) to update security status of the overall card and to access specific data in the card;
    2. 2) to update security status in a DF and to access specific data under the DF;
    3. 3) to update security status in the DF and to execute a specific command under the DF;
    4. 4) to update security status in an application, and to access specific data under the application; and
    5. 5) to update security status in the application and to execute a specific command under the application.
  • Additional advantages and modifications will readily occur to those skilled in the art. Therefore, the invention in its broader aspects is not limited to the specific details and representative embodiments shown and described herein. Accordingly, various modifications may be made without departing from the spirit or scope of the general inventive concept as defined by the appended claims and their equivalents.

Claims (10)

  1. An IC card (1) comprising:
    a first communication unit (16) configured to communicate with an IC card processing apparatus in a contact state;
    a second communication unit (17) configured to communicate with the IC card processing apparatus in a non-contact state;
    a storage unit (12, 14) configured to store information; and
    an execution unit (11) configured to execute predetermined processing based on the information stored in the storage unit using information processing results of both the first communication unit and the second communication unit,
    wherein the execution unit (11) executes authentication processing for the predetermined processing by a communication with one of the first communication unit and the second communication unit, and executes authentication processing for the predetermined processing by a communication with the other of the first communication unit and the second communication unit,
    the execution unit executes the predetermined processing under a condition that both the first communication unit and the second communication unit have succeeded in authentication processing for the predetermined processing, and
    wherein each authentication processing includes verifying a verification key (a b), said keys being stored by the IC card before said both authentication processings.
  2. An IC card according to claim 1, wherein the execution unit (11) is activated by a communication with one of the first communication unit and the second communication unit to execute authentication processing for the predetermined processing, stores an authentication processing result in the storage unit, and is deactivated, and the execution unit is activated by a communication with the other of the first communication unit and the second communication unit to execute authentication processing for the predetermined processing, and stores an authentication processing result in the storage unit, and the execution unit executes the predetermined processing under a condition that the two authentication processing results stored in the storage unit indicate successful authentication.
  3. An IC card according to claim 2, wherein the execution unit (11) determines as an error authentication processing by the first communication unit and the second communication unit that does not correspond to a prescribed authentication processing order of the first communication unit and the second communication unit, and does not permit execution of the predetermined processing.
  4. An IC card according to claim 3, wherein when the execution unit (11) stores the authentication processing result in the storage unit via the communication with one of the first communication unit and the second communication unit, and the same communication unit executes a communication again, the execution unit deletes the authentication processing result stored in the storage unit.
  5. An IC card according to claim 1, wherein the execution unit (11) is activated by a communication with at least one of the first communication unit and the second communication unit, executes authentication processing for the predetermined processing using both the first communication unit and the second communication unit by switching the first communication unit and the second communication unit, stores authentication processing results in the storage unit, and executes the predetermined processing under a condition that the two authentication processing results stored in the storage unit indicate successful authentication.
  6. An IC card according to claim 1, wherein the storage unit (12, 14) stores a secret key, and
    the execution unit updates the secret key in response to an update request of the secret key under a condition that the authentication processes of both the first communication unit and the second communication unit have succeeded.
  7. An IC card processing apparatus (2) comprising:
    a first communication unit (26) configured to communicate with an IC card (1) in a contact state;
    a second communication unit (27) configured to communicate with the IC card (1) in a non-contact state; and
    a request unit (21) configured to request the IC card (1) to execute predetermined processing via information processing by both the first communication unit and the second communication unit,
    wherein the request unit (21) executes authentication processing for the predetermined processing by both the first communication unit and the second communication unit and requests the predetermined processing, and
    wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card (1) before said both authentication processings.
  8. An apparatus according to claim 7, wherein the request unit (21) activates IC card medium by a communication with one of the first communication unit and the second communication unit to execute authentication processing for the predetermined processing, activates le card by a communication with the other of the first communication unit and the second communication unit to execute authentication processing for the predetermined processing, and requests the predetermined processing.
  9. An apparatus according to claim 8, wherein the request unit (21) executes the authentication processing based on a prescribed authentication processing order of the first communication unit and the second communication unit.
  10. An apparatus according to claim 7, wherein the request unit (21) activates IC card by a communication with at least one of the first communication unit and the second communication unit, executes authentication processing for the predetermined processing using both the first communication unit and the second communication unit by switching the first communication unit and the second communication unit, and requests the predetermined processing.
EP07768408.2A 2006-07-27 2007-07-06 Information storage medium and information storage medium processing apparatus Active EP2047412B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006205129A JP4960034B2 (en) 2006-07-27 2006-07-27 Information storage medium and information storage medium processing apparatus
PCT/JP2007/063939 WO2008013066A1 (en) 2006-07-27 2007-07-06 Information storage medium and information storage medium processing apparatus

Publications (3)

Publication Number Publication Date
EP2047412A1 EP2047412A1 (en) 2009-04-15
EP2047412A4 EP2047412A4 (en) 2011-09-14
EP2047412B1 true EP2047412B1 (en) 2015-06-17

Family

ID=38981379

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07768408.2A Active EP2047412B1 (en) 2006-07-27 2007-07-06 Information storage medium and information storage medium processing apparatus

Country Status (4)

Country Link
US (1) US20090184799A1 (en)
EP (1) EP2047412B1 (en)
JP (1) JP4960034B2 (en)
WO (1) WO2008013066A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4420296B2 (en) * 2007-11-19 2010-02-24 フェリカネットワークス株式会社 Information processing apparatus, information processing method, and program
CN102105845B (en) * 2008-05-26 2013-03-27 Sk电信有限公司 Memory card supplemented with wireless communication module, terminal for using same, memory card including WPAN communication module, and WPAN communication method using same
JP2009289104A (en) * 2008-05-30 2009-12-10 Dainippon Printing Co Ltd Security device with function for detecting trouble attack
JP5235764B2 (en) * 2009-04-16 2013-07-10 株式会社日立製作所 IC chip and information processing apparatus equipped with the same
CA2722980C (en) 2009-12-01 2019-01-08 Inside Contactless Process for controlling access to a contactless interface in a contact and contactless double communication interface integrated circuit
US9094830B2 (en) * 2012-07-05 2015-07-28 Blackberry Limited Managing data transfer across a network interface
JP6398193B2 (en) * 2014-01-06 2018-10-03 凸版印刷株式会社 Portable electronic medium and input / output control method

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2694168B2 (en) * 1988-08-08 1997-12-24 共同印刷株式会社 IC card
JPH0726774Y2 (en) * 1989-05-09 1995-06-14 シャープ株式会社 IC card, reader / writer, and IC card device
DE69501327T3 (en) * 1994-03-24 2005-12-22 Minnesota Mining And Mfg. Co., Saint Paul Biometric personal authentication system
US6097292A (en) * 1997-04-01 2000-08-01 Cubic Corporation Contactless proximity automated data collection system and method
US6003014A (en) * 1997-08-22 1999-12-14 Visa International Service Association Method and apparatus for acquiring access using a smart card
JP2001060259A (en) * 1999-08-24 2001-03-06 Dainippon Printing Co Ltd Composite ic card and ic card forgery detection system
JP3954271B2 (en) * 2000-03-16 2007-08-08 本田技研工業株式会社 Memory rewriting system for vehicle control device
JP2003132313A (en) * 2001-10-24 2003-05-09 Toshiba Corp Lsi for combination card, combination card, and using method for combination card
JP3863011B2 (en) 2001-11-29 2006-12-27 シャープ株式会社 Combination type IC card, control method therefor, and system program therefor
JP2004046408A (en) * 2002-07-10 2004-02-12 Kenwood Corp Hybrid ic card, method for controlling same and portable telephone set
JP3737462B2 (en) * 2002-07-30 2006-01-18 ソニー・エリクソン・モバイルコミュニケーションズ株式会社 Information processing system, information communication terminal and method, information processing device and method, recording medium, and program
JP3933003B2 (en) * 2002-07-30 2007-06-20 株式会社日立製作所 IC card and payment terminal
JP3698693B2 (en) 2002-08-14 2005-09-21 株式会社エヌ・ティ・ティ・データ Access control apparatus and computer program thereof
US6776339B2 (en) * 2002-09-27 2004-08-17 Nokia Corporation Wireless communication device providing a contactless interface for a smart card reader
JP4480382B2 (en) * 2003-10-27 2010-06-16 文化シヤッター株式会社 Switching system
WO2006072978A1 (en) * 2005-01-05 2006-07-13 Fujitsu Limited Authentication system in information processing device using mobile device
JP2007094935A (en) * 2005-09-30 2007-04-12 Omron Corp Information processing device, method, system, and program, and recording medium
US7614551B2 (en) * 2005-10-31 2009-11-10 Veritec, Inc. Method and system for securely encoding and decoding biometric data into a memory device using a two dimensional symbol
JP2007317170A (en) * 2006-04-28 2007-12-06 Renesas Technology Corp Ic module and cellular phone

Also Published As

Publication number Publication date
WO2008013066A1 (en) 2008-01-31
EP2047412A4 (en) 2011-09-14
EP2047412A1 (en) 2009-04-15
US20090184799A1 (en) 2009-07-23
JP2008033547A (en) 2008-02-14
JP4960034B2 (en) 2012-06-27

Similar Documents

Publication Publication Date Title
US5288978A (en) Mutual authentication system and method which checks the authenticity of a device before transmitting authentication data to the device
EP2047412B1 (en) Information storage medium and information storage medium processing apparatus
US8804959B2 (en) Communication device, communication method, and communication system
US5379344A (en) Smart card validation device and method
EP0440158B1 (en) Mutual authentication system
AU2008248013B2 (en) Dynamically programmable RFID transponder
EP2229653B1 (en) System and method for updating read-only memory in smart card memory modules
US7886970B2 (en) Data communicating apparatus and method for managing memory of data communicating apparatus
US7428992B2 (en) Secure device and system for issuing IC cards
JP2007532984A (en) Semiconductor memory
JP4240851B2 (en) PIN code identification device and PIN code identification method
JP5459845B2 (en) Portable electronic device, method for controlling portable electronic device, and IC card
JP2007141113A (en) Ic card having biometrics authentication function and ic card program
JP2003006582A (en) Ic card processing system and ic card processing method
JP2002024790A (en) Information processing system, portable electronic device, and key changing method
JP4476658B2 (en) Portable electronic device, electronic processing system, and electronic processing method
JP2002342734A (en) Portable electronic equipment and its history data storing method
JP4899499B2 (en) IC card issuing method, IC card issuing system, and IC card
JP2002024785A (en) Ic card and reader/writer
JP7380603B2 (en) Secure device, command execution management method, and IC chip
JP2003067679A (en) Portable electronic device and data write method therefor
JP2000113121A (en) Portable electronic equipment and method for initializing portable electronic equipment
JP2000207506A (en) Non-contact type ic card system
AU651584B2 (en) Smart card validation device and method
JP2022069184A (en) Ic card, command management method for ic card, and microcontroller for ic card

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090106

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK RS

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): FR

REG Reference to a national code

Ref country code: DE

Ref legal event code: 8566

A4 Supplementary search report drawn up and despatched

Effective date: 20110817

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/32 20060101ALI20110810BHEP

Ipc: G06K 19/07 20060101ALI20110810BHEP

Ipc: G06K 19/073 20060101AFI20110810BHEP

Ipc: G06F 21/24 20060101ALI20110810BHEP

Ipc: G06K 17/00 20060101ALI20110810BHEP

17Q First examination report despatched

Effective date: 20121210

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Free format text: PREVIOUS MAIN CLASS: G06K0019073000

Ipc: G06F0021770000

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/77 20130101AFI20141021BHEP

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

INTG Intention to grant announced

Effective date: 20150112

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): FR

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20160318

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 10

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 11

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 12

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20230523

Year of fee payment: 17